This work addresses the challenge that state-of-the-art AI agents vastly outperform traditional, trusted monitoring models, rendering conventional oversight ineffective. To overcome this capability gap, the paper proposes a guided monitoring protocol that leverages a strong intermediate model with transparent chain-of-thought reasoning to evaluate agent behavior, while a weaker yet trustworthy model supervises the intermediate model’s reasoning process to prevent collusion. This approach is the first to exploit transparent chain-of-thought representations to enable weak but reliable models to effectively oversee significantly more capable, untrusted agents. Integrated within a hierarchical supervision architecture and a multi-agent adversarial evaluation framework (BashArena), the method substantially improves violation detection rates across multi-turn software engineering tasks—even when the agent and monitor collude, effective oversight remains possible as long as the original chain-of-thought traces are accessible.

Trusted monitoring is a cornerstone of AI control. However, as frontier models grow more capable, the increasing capabilities gap between trusted and untrusted models may render trusted models unreliable monitors. We introduce \emph{bootstrapped monitoring}, a protocol that addresses this by inserting a stronger, intermediate untrusted model with transparent chain-of-thought reasoning into the oversight chain. The untrusted monitor ($U_m$) evaluates the agent's actions, while a weaker trusted model ($T$) oversees $U_m$'s reasoning to detect collusion. We evaluate bootstrapped monitoring on multi-turn software engineering tasks (BashArena) across multiple agents and monitors. Bootstrapped monitoring substantially improves catch rates over trusted-only monitoring, even when the untrusted monitor actively colludes with the agent, provided we have access to its raw chain-of-thought. Our results suggest that bootstrapped monitoring can extend the useful lifetime of trusted models in control as AI capabilities advance.